System/Kernel
PS C:\xampp\htdocs\blog> cmd /c ver
Microsoft Windows [Version 10.0.19044.1645]
PS C:\xampp\htdocs\blog> systeminfo ; Get-ComputerInfo
Host Name: MIKE-PC
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19044 N/A Build 19044
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: admin
Registered Organization:
Product ID: 00331-10000-00001-AA598
Original Install Date: 6/18/2021, 4:06:17 AM
System Boot Time: 8/1/2024, 7:30:14 PM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2650 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21100432.B64.2301110304, 1/11/2023
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 2,047 MB
Available Physical Memory: 584 MB
Virtual Memory: Max Size: 3,199 MB
Virtual Memory: Available: 1,451 MB
Virtual Memory: In Use: 1,748 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\MIKE-PC
Hotfix(s): 8 Hotfix(s) Installed.
[01]: KB5012117
[02]: KB4562830
[03]: KB4580325
[04]: KB5003791
[05]: KB5012599
[06]: KB5011352
[07]: KB5011651
[08]: KB5005699
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0 2
DHCP Enabled: No
IP address(es)
[01]: 192.168.156.180
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406
WindowsCurrentVersion : 6.3
WindowsEditionId : Professional
WindowsInstallationType : Client
WindowsInstallDateFromRegistry : 6/18/2021 12:06:17 PM
WindowsProductId : 00331-10000-00001-AA598
WindowsProductName : Windows 10 Pro
WindowsRegisteredOrganization :
WindowsRegisteredOwner : admin
WindowsSystemRoot : C:\WINDOWS
WindowsVersion : 2009
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21100432.B64.2301110304,
VMware, Inc. - 10000}
BiosBuildNumber :
BiosCaption : VMW71.00V.21100432.B64.2301110304
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : VMW71.00V.21100432.B64.2301110304
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : VMware, Inc.
BiosName : VMW71.00V.21100432.B64.2301110304
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 1/10/2023 4:00:00 PM
BiosSeralNumber : VMware-42 1e c9 12 2c 36 ed 5a-58 d4 cb b8 1e 31 81 cb
BiosSMBIOSBIOSVersion : VMW71.00V.21100432.B64.2301110304
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : MIKE-PC
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -420
CsDaylightInEffect : True
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : Mike-PC
CsDomain : WORKGROUP
CsDomainRole : StandaloneWorkstation
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : MIKE-PC
CsNetworkAdapters : {Ethernet0 2}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 1
CsProcessors : {AMD EPYC 7413 24-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : False
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : admin
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 2146459648
CsPhyicallyInstalledMemory : 2097152
CsUserName : MIKE-PC\Mike
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows 10 Pro
OsType : WINNT
OsOperatingSystemSKU : 48
OsVersion : 10.0.19044
OsCSDVersion :
OsBuildNumber : 19044
OsHotFixes : {KB5012117, KB4562830, KB4580325, KB5003791...}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume4
OsSystemDirectory : C:\WINDOWS\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\WINDOWS
OsCountryCode : 1
OsCurrentTimeZone : -420
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 4/18/2025 12:24:52 PM
OsLastBootUpTime : 8/1/2024 8:30:14 PM
OsUptime : 259.15:54:37.6447815
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptIn
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 2096152
OsFreePhysicalMemory : 580728
OsTotalVirtualMemorySize : 3275800
OsFreeVirtualMemory : 1454076
OsInUseVirtualMemory : 1821724
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 1179648
OsFreeSpaceInPagingFiles : 1077912
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.19041.1566
OsInstallDate : 6/18/2021 5:06:17 AM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 118
OsNumberOfUsers : 10
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : WorkStation
OsRegisteredUser : admin
OsSerialNumber : 00331-10000-00001-AA598
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel :
KeyboardLayout : en-US
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
LogonServer : \\MIKE-PC
PowerPlatformRole : Desktop
HyperVisorPresent : True
HyperVRequirementDataExecutionPreventionAvailable :
HyperVRequirementSecondLevelAddressTranslation :
HyperVRequirementVirtualizationFirmwareEnabled :
HyperVRequirementVMMonitorModeExtensions :
DeviceGuardSmartStatus : Off
DeviceGuardRequiredSecurityProperties :
DeviceGuardAvailableSecurityProperties :
DeviceGuardSecurityServicesConfigured :
DeviceGuardSecurityServicesRunning :
DeviceGuardCodeIntegrityPolicyEnforcementStatus :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus :
Microsoft Windows [Version 10.0.19044.1645]
OS Name: Microsoft Windows 10 Pro
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
Hotfix(s): 8 Hotfix(s) Installed.
[01]: KB5012117
[02]: KB4562830
[03]: KB4580325
[04]: KB5003791
[05]: KB5012599
[06]: KB5011352
[07]: KB5011651
[08]: KB5005699
Networks
PS C:\xampp\htdocs\blog> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : Mike-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-05-17
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.156.180(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.156.254
DNS Servers . . . . . . . . . . . : 192.168.156.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.156.180 --- 0x7
  Internet Address      Physical Address      Type
  192.168.156.254       00-50-56-9e-59-95     dynamic
  192.168.156.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
Unable to initialize device PRN
PS C:\xampp\htdocs\blog> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 6108
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 912
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 6108
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 408
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 1228
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING 2864
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 700
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 544
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1236
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 404
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 2020
TCP 192.168.156.180:139 0.0.0.0:0 LISTENING 4
TCP [::]:80 [::]:0 LISTENING 6108
TCP [::]:135 [::]:0 LISTENING 912
TCP [::]:443 [::]:0 LISTENING 6108
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 408
TCP [::]:7680 [::]:0 LISTENING 2864
TCP [::]:49664 [::]:0 LISTENING 700
TCP [::]:49665 [::]:0 LISTENING 544
TCP [::]:49666 [::]:0 LISTENING 1236
TCP [::]:49667 [::]:0 LISTENING 404
TCP [::]:49668 [::]:0 LISTENING 676
TCP [::]:49669 [::]:0 LISTENING 2020
Users & Groups
PS C:\xampp\htdocs\blog> net users ; ls C:\Users
User accounts for \\MIKE-PC
-------------------------------------------------------------------------------
Administrator            DefaultAccount           Guest
Mike                     WDAGUtilityAccount
The command completed successfully.
Directory: C:\Users
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----          8/1/2024   8:30 PM                Administrator
d-----          8/1/2024   8:30 PM                Mike
d-r---         6/18/2021   5:55 AM                Public
PS C:\xampp\htdocs\blog> net localgroup ; net group /DOMAIN
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
DOMAIN
Aliases for \\MIKE-PC
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
Processes
PS C:\xampp\htdocs\blog> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 92 N/A
smss.exe 340 N/A
csrss.exe 444 N/A
wininit.exe 544 N/A
csrss.exe 560 N/A
winlogon.exe 640 N/A
services.exe 676 N/A
lsass.exe 700 KeyIso, SamSs, VaultSvc
fontdrvhost.exe 784 N/A
fontdrvhost.exe 788 N/A
svchost.exe 800 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
svchost.exe 912 RpcEptMapper, RpcSs
dwm.exe 1004 N/A
svchost.exe 404 BITS, dmwappushservice, DsmSvc, gpsvc,
IKEEXT, iphlpsvc, LanmanServer, ProfSvc,
Schedule, SENS, SessionEnv,
ShellHWDetection, Themes, TokenBroker,
UserManager, UsoSvc, Winmgmt, wisvc,
wlidsvc, WpnService, wuauserv
svchost.exe 408 TermService
svchost.exe 876 AudioEndpointBuilder, DsSvc, NcbService,
Netman, PcaSvc, StorSvc, SysMain,
TabletInputService, TrkWks, UmRdpService,
WdiSystemHost
svchost.exe 1120 CertPropSvc
svchost.exe 1220 CoreMessagingRegistrar, DPS
svchost.exe 1228 CDPSvc, DispBrokerDesktopSvc, EventSystem,
FontCache, LicenseManager, netprofm, nsi,
WdiServiceHost
svchost.exe 1236 Dhcp, EventLog, lmhosts, TimeBrokerSvc,
WinHttpAutoProxySvc
svchost.exe 1308 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
Memory Compression 1396 N/A
svchost.exe 1500 AppXSvc, ClipSVC
svchost.exe 1596 Audiosrv
svchost.exe 1752 DusmSvc
svchost.exe 1764 Wcmsvc
svchost.exe 1900 BFE, mpssvc
svchost.exe 2020 PolicyAgent
svchost.exe 2128 DiagTrack
VGAuthService.exe 2220 VGAuthService
vm3dservice.exe 2228 VM3DService
vmtoolsd.exe 2252 VMTools
MsMpEng.exe 2264 WinDefend
vm3dservice.exe 2424 N/A
dllhost.exe 2664 COMSysApp
WmiPrvSE.exe 2916 N/A
msdtc.exe 2696 MSDTC
NisSrv.exe 3416 WdNisSvc
svchost.exe 3724 RmSvc
SecurityHealthService.exe 3984 SecurityHealthService
svchost.exe 1012 StateRepository
notepad.exe 3104 N/A
sihost.exe 3532 N/A
svchost.exe 3852 CDPUserSvc_60b5b, OneSyncSvc_60b5b,
WpnUserService_60b5b
MicrosoftEdgeUpdate.exe 3900 N/A
taskhostw.exe 2976 N/A
ctfmon.exe 4036 N/A
explorer.exe 4328 N/A
svchost.exe 4424 cbdhsvc_60b5b
StartMenuExperienceHost.e 4728 N/A
RuntimeBroker.exe 4792 N/A
SearchApp.exe 4900 N/A
SearchIndexer.exe 4908 WSearch
RuntimeBroker.exe 5008 N/A
RuntimeBroker.exe 3336 N/A
WmiPrvSE.exe 5228 N/A
svchost.exe 5292 SSDPSRV
SecurityHealthSystray.exe 5364 N/A
vmtoolsd.exe 5472 N/A
msedge.exe 5516 N/A
msedge.exe 5532 N/A
msedge.exe 5700 N/A
msedge.exe 5708 N/A
msedge.exe 5744 N/A
xampp-control.exe 6064 N/A
httpd.exe 6108 N/A
conhost.exe 6116 N/A
httpd.exe 4548 N/A
SystemSettings.exe 6912 N/A
ApplicationFrameHost.exe 6920 N/A
svchost.exe 2864 DoSvc
SgrmBroker.exe 4316 SgrmBroker
svchost.exe 6784 W32Time
svchost.exe 780 wscsvc
notepad.exe 2272 N/A
MicrosoftEdgeUpdate.exe 3632 N/A
notepad.exe 6844 N/A
CompatTelRunner.exe 5484 N/A
TrustedInstaller.exe 6076 TrustedInstaller
TiWorker.exe 2620 N/A
conhost.exe 280 N/A
MoUsoCoreWorker.exe 4132 N/A
svchost.exe 4708 InstallService
MicrosoftEdgeUpdate.exe 3520 edgeupdate
GenValObj.exe 2136 N/A
backgroundTaskHost.exe 6856 N/A
RuntimeBroker.exe 5504 N/A
CompatTelRunner.exe 2928 N/A
notepad.exe 388 N/A
ShellExperienceHost.exe 2948 N/A
RuntimeBroker.exe 2924 N/A
provtool.exe 6956 N/A
taskhostw.exe 4084 N/A
Defrag.exe 4100 N/A
CompatTelRunner.exe 5456 N/A
conhost.exe 5384 N/A
tzsync.exe 6776 N/A
cleanmgr.exe 2248 N/A
conhost.exe 6828 N/A
conhost.exe 356 N/A
svchost.exe 7040 defragsvc
CompatTelRunner.exe 1628 N/A
wermgr.exe 3572 N/A
Simulation.exe 1032 N/A
conhost.exe 3800 N/A
cmd.exe 4832 N/A
conhost.exe 5680 N/A
cmd.exe 4208 N/A
DeviceCensus.exe 1860 N/A
powershell.exe 6748 N/A
WmiApSrv.exe 1608 wmiApSrv
WmiPrvSE.exe 4652 N/A
VSSVC.exe 2572 VSS
svchost.exe 6840 swprv
cmd.exe 3120 N/A
tasklist.exe 4988 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
316 19 7856 26368 0.05 6920 1 ApplicationFrameHost
733 27 9360 21496 0.38 6856 1 backgroundTaskHost
390 25 6584 10628 0.05 2248 1 cleanmgr
79 5 2264 4120 0.02 4208 1 cmd
73 5 2224 3996 0.02 4832 1 cmd
193 11 2484 5168 1628 0 CompatTelRunner
213 12 2772 3444 2928 0 CompatTelRunner
98 5 884 4184 5456 0 CompatTelRunner
115 6 1108 1564 5484 0 CompatTelRunner
158 10 6500 1304 280 0 conhost
160 10 6536 1696 356 0 conhost
135 10 6320 1380 3800 0 conhost
160 10 6532 13284 5384 0 conhost
104 7 6064 10508 0.03 5680 1 conhost
124 10 6468 11952 0.02 6116 1 conhost
160 10 6516 1724 6828 0 conhost
509 19 1752 4672 444 0 csrss
428 16 1804 4772 560 1 csrss
386 15 3524 12540 0.09 4036 1 ctfmon
133 8 1272 2748 4100 0 Defrag
297 16 3600 9076 0.02 1860 1 DeviceCensus
273 14 4000 10744 2664 0 dllhost
910 33 29808 48472 1004 1 dwm
1680 63 25584 94432 1.59 4328 1 explorer
32 5 1372 3392 784 0 fontdrvhost
32 6 1836 3712 788 1 fontdrvhost
249 9 2824 9716 2136 0 GenValObj
496 51 20692 22940 0.69 4548 1 httpd
158 28 9372 12192 0.30 6108 1 httpd
0 0 60 8 0 0 Idle
1233 27 6532 17732 700 0 lsass
0 0 276 15548 1396 0 Memory Compression
398 19 4516 16772 3520 0 MicrosoftEdgeUpdate
215 13 2200 4260 3632 0 MicrosoftEdgeUpdate
213 13 1904 420 3900 0 MicrosoftEdgeUpdate
374 19 6408 19332 4132 0 MoUsoCoreWorker
235 13 2988 6716 2696 0 msdtc
1037 45 24148 69208 0.63 5516 1 msedge
137 9 1892 7200 0.00 5532 1 msedge
302 18 101204 23896 0.08 5700 1 msedge
283 17 8900 28076 0.14 5708 1 msedge
209 14 6796 17188 0.05 5744 1 msedge
831 81 163484 64312 2264 0 MsMpEng
205 39 3408 9384 3416 0 NisSrv
191 11 1980 2216 388 0 notepad
191 11 1908 1288 2272 0 notepad
191 11 1992 1120 3104 0 notepad
191 11 1896 1468 6844 0 notepad
1008 31 79104 90424 1.03 6748 1 powershell
191 14 2896 6424 6956 0 provtool
0 29 15964 55108 92 0 Registry
200 11 2716 16456 0.06 2924 1 RuntimeBroker
225 13 2328 13088 0.06 3336 1 RuntimeBroker
278 16 5816 22860 0.45 4792 1 RuntimeBroker
300 16 5260 20648 0.27 5008 1 RuntimeBroker
394 19 5888 24908 0.14 5504 1 RuntimeBroker
1046 68 49644 55700 1.03 4900 1 SearchApp
713 38 18700 22604 4908 0 SearchIndexer
410 17 4028 14736 3984 0 SecurityHealthService
165 10 1744 9256 0.02 5364 1 SecurityHealthSystray
408 11 3764 8064 676 0 services
105 7 3504 6764 4316 0 SgrmBroker
567 26 9972 43364 0.14 2948 1 ShellExperienceHost
502 18 5048 24216 0.33 3532 1 sihost
304 21 49552 35936 1032 0 Simulation
53 3 1076 832 340 0 smss
604 28 16760 50764 0.38 4728 1 StartMenuExperienceHost
2576 120 41384 68208 404 0 svchost
550 21 4736 13544 408 0 svchost
218 13 2524 10180 780 0 svchost
1293 24 8856 26028 800 0 svchost
755 37 62404 74492 876 0 svchost
1044 18 6000 12708 912 0 svchost
225 14 8140 19056 1012 0 svchost
221 11 2120 9456 1120 0 svchost
371 17 9356 12908 1220 0 svchost
1014 43 11252 27552 1228 0 svchost
805 21 22584 32612 1236 0 svchost
903 38 16396 28560 1308 0 svchost
211 15 8344 13736 1500 0 svchost
207 11 2152 8728 1596 0 svchost
127 9 1572 6308 1752 0 svchost
363 13 2412 9504 1764 0 svchost
429 33 8416 16620 1900 0 svchost
166 12 1688 7124 2020 0 svchost
673 28 16792 24152 2128 0 svchost
422 20 4312 16708 2864 0 svchost
203 11 2064 7984 3724 0 svchost
622 27 9244 37092 0.27 3852 1 svchost
237 12 3108 16624 0.03 4424 1 svchost
180 11 2580 15464 4708 0 svchost
218 14 2020 7400 5292 0 svchost
208 12 1736 7648 6784 0 svchost
143 10 1804 8416 6840 0 svchost
160 13 63540 65900 7040 0 svchost
2638 0 196 136 4 0 System
813 38 19332 1600 0.33 6912 1 SystemSettings
258 31 6328 15208 0.13 2976 1 taskhostw
275 17 13440 16944 4084 0 taskhostw
957 60 52148 58504 2620 0 TiWorker
160 9 2248 8132 6076 0 TrustedInstaller
229 14 25204 16100 6776 0 tzsync
176 11 3192 8584 2220 0 VGAuthService
117 7 1440 5828 2228 0 vm3dservice
117 9 1556 6404 2424 1 vm3dservice
384 21 9336 18908 2252 0 vmtoolsd
258 18 5272 15012 0.03 5472 1 vmtoolsd
174 11 1932 9172 2572 0 VSSVC
360 17 3476 8312 3572 0 wermgr
164 12 1480 6452 544 0 wininit
278 13 2724 13192 640 1 winlogon
147 9 1560 7968 1608 0 WmiApSrv
369 17 8528 17304 2916 0 WmiPrvSE
166 11 2588 9764 4652 0 WmiPrvSE
299 14 22180 25856 5228 0 WmiPrvSE
237 17 5704 13968 0.31 6064 1 xampp-control
xampp-control.exe
httpd.exe
notepad.exe
GenValObj.exe
provtool.exe
Defrag.exe
tzsync.exe
cleanmgr.exe
wermgr.exe
Simulation.exe
DeviceCensus.exe
VSSVC.exe
Tasks
PS C:\xampp\htdocs\blog> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
TaskName                                                               TaskPath State
--------                                                               -------- -----
OneDrive Reporting Task-S-1-5-21-2619112490-2635448554-1147358759-1002 \        Ready
PS C:\xampp\htdocs\blog> cmd /c schtasks /QUERY /FO TABLE
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
OneDrive Reporting Task-S-1-5-21-2619112 4/19/2025 3:55:32 AM Ready
Folder: \Microsoft
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\OneCore
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\.NET Framework
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
Folder: \Microsoft\Windows\Application Experience
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 4/19/2025 3:34:27 AM Running
PcaPatchDbTask 4/18/2025 4:40:07 PM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppListBackup
TaskName Next Run Time Status
======================================== ====================== ===============
Backup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
Folder: \Microsoft\Windows\Autochk
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
Folder: \Microsoft\Windows\BitLocker
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Bluetooth
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
Folder: \Microsoft\Windows\CertificateServicesClient
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Ready
Folder: \Microsoft\Windows\Chkdsk
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 4/18/2025 6:00:00 PM Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Check And Scan 4/18/2025 11:17:04 PM Ready
Data Integrity Scan N/A Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
TaskName Next Run Time Status
======================================== ====================== ===============
Device 4/19/2025 4:16:49 AM Ready
Device User N/A Ready
Folder: \Microsoft\Windows\Diagnosis
TaskName Next Run Time Status
======================================== ====================== ===============
RecommendedTroubleshootingScanner N/A Ready
Scheduled N/A Ready
Folder: \Microsoft\Windows\DirectX
TaskName Next Run Time Status
======================================== ====================== ===============
DirectXDatabaseUpdater N/A Ready
DXGIAdapterCache N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
Folder: \Microsoft\Windows\DiskFootprint
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\DUSM
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
Folder: \Microsoft\Windows\EDP
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
EDP Inaccessible Credentials Task N/A Ready
StorageCardEncryption Task N/A Ready
Folder: \Microsoft\Windows\ExploitGuard
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Feedback
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Feedback\Siuf
TaskName Next Run Time Status
======================================== ====================== ===============
DmClient N/A Ready
DmClientOnScenarioDownload N/A Ready
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
Folder: \Microsoft\Windows\FileHistory
TaskName Next Run Time Status
======================================== ====================== ===============
File History (maintenance mode) N/A Ready
Folder: \Microsoft\Windows\Flighting
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
UsageDataFlushing N/A Ready
UsageDataReporting N/A Ready
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 4/18/2025 2:49:19 PM Running
Folder: \Microsoft\Windows\Input
TaskName Next Run Time Status
======================================== ====================== ===============
LocalUserSyncDataAvailable N/A Ready
MouseSyncDataAvailable N/A Ready
PenSyncDataAvailable N/A Ready
TouchpadSyncDataAvailable N/A Ready
Folder: \Microsoft\Windows\InstallService
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates 4/19/2025 2:42:48 PM Ready
ScanForUpdatesAsUser N/A Ready
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
Folder: \Microsoft\Windows\International
TaskName Next Run Time Status
======================================== ====================== ===============
Synchronize Language Settings N/A Ready
Folder: \Microsoft\Windows\LanguageComponentsInstaller
TaskName Next Run Time Status
======================================== ====================== ===============
Installation N/A Ready
ReconcileLanguageResources N/A Ready
Folder: \Microsoft\Windows\Live
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Location
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
Folder: \Microsoft\Windows\Management
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Management\Provisioning
TaskName Next Run Time Status
======================================== ====================== ===============
Cellular N/A Ready
Logon N/A Ready
Retry N/A Disabled
RunOnReboot N/A Disabled
Folder: \Microsoft\Windows\Maps
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Ready
RunFullMemoryDiagnostic N/A Ready
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Running
Folder: \Microsoft\Windows\NetTrace
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\NlaSvc
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\Offline Files
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
Folder: \Microsoft\Windows\PLA
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Plug and Play
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Running
Folder: \Microsoft\Windows\Printing
TaskName Next Run Time Status
======================================== ====================== ===============
EduPrintProv N/A Ready
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
Folder: \Microsoft\Windows\Registry
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
Folder: \Microsoft\Windows\Servicing
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SettingSync
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
NetworkStateChangeTask N/A Ready
Folder: \Microsoft\Windows\SharedPC
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
Folder: \Microsoft\Windows\Shell
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
FamilySafetyMonitor N/A Ready
FamilySafetyRefreshTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\SoftwareProtectionPlatform
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Disabled
Folder: \Microsoft\Windows\SpacePort
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
Folder: \Microsoft\Windows\StateRepository
TaskName Next Run Time Status
======================================== ====================== ===============
MaintenanceTasks N/A Ready
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
Folder: \Microsoft\Windows\Subscription
TaskName Next Run Time Status
======================================== ====================== ===============
EnableLicenseAcquisition N/A Ready
LicenseAcquisition N/A Disabled
Folder: \Microsoft\Windows\Sysmain
TaskName Next Run Time Status
======================================== ====================== ===============
HybridDriveCachePrepopulate N/A Disabled
HybridDriveCacheRebalance N/A Disabled
ResPriStaticDbSync N/A Ready
WsSwapAssessmentTask N/A Queued
Folder: \Microsoft\Windows\SystemRestore
TaskName Next Run Time Status
======================================== ====================== ===============
SR N/A Ready
Folder: \Microsoft\Windows\Task Manager
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
Folder: \Microsoft\Windows\TextServicesFramework
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
Folder: \Microsoft\Windows\Time Synchronization
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\UNP
TaskName Next Run Time Status
======================================== ====================== ===============
RunUpdateNotificationMgr N/A Disabled
Folder: \Microsoft\Windows\UPnP
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
Folder: \Microsoft\Windows\USB
TaskName Next Run Time Status
======================================== ====================== ===============
Usb-Notifications N/A Ready
Folder: \Microsoft\Windows\WCM
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\WDI
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Ready
Folder: \Microsoft\Windows\Windows Defender
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan N/A Ready
Windows Defender Verification N/A Ready
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 4/18/2025 1:22:44 PM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
Folder: \Microsoft\Windows\WindowsUpdate
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start N/A Disabled
Folder: \Microsoft\Windows\WindowsUpdate\RUXIM
TaskName Next Run Time Status
======================================== ====================== ===============
PLUGScheduler 4/19/2025 8:19:18 AM Ready
Folder: \Microsoft\Windows\Wininet
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
Folder: \Microsoft\Windows\WlanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
CDSSync N/A Ready
Folder: \Microsoft\Windows\Work Folders
TaskName Next Run Time Status
======================================== ====================== ===============
Work Folders Logon Synchronization N/A Ready
Work Folders Maintenance Work N/A Ready
Folder: \Microsoft\Windows\Workplace Join
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Device-Sync N/A Disabled
Recovery-Check N/A Disabled
Folder: \Microsoft\Windows\WwanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
NotificationTask N/A Ready
OobeDiscovery N/A Ready
Folder: \Microsoft\XblGameSave
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready
Services
PS C:\xampp\htdocs\blog> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
Name PathName StartName
AppXSvc C:\WINDOWS\system32\svchost.exe -k wsappx -p LocalSystem
AudioEndpointBuilder C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Audiosrv C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
BFE C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BITS C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
BrokerInfrastructure C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
camsvc C:\WINDOWS\system32\svchost.exe -k appmodel -p LocalSystem
CDPSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
CertPropSvc C:\WINDOWS\system32\svchost.exe -k netsvcs LocalSystem
ClipSVC C:\WINDOWS\System32\svchost.exe -k wsappx -p LocalSystem
COMSysApp C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LocalSystem
CoreMessagingRegistrar C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
DiagTrack C:\WINDOWS\System32\svchost.exe -k utcsvc -p LocalSystem
DispBrokerDesktopSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
Dnscache C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DoSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DPS C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
DsSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
DusmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
edgeupdate "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc LocalSystem
EventLog C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
gpsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
IKEEXT C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
InstallService C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\WINDOWS\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\WINDOWS\system32\lsass.exe LocalSystem
LanmanServer C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
LanmanWorkstation C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
LicenseManager C:\WINDOWS\System32\svchost.exe -k LocalService -p NT Authority\LocalService
lmhosts C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\WINDOWS\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Netman C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PcaSvc C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
PlugPlay C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
RmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted NT AUTHORITY\LocalService
RpcEptMapper C:\WINDOWS\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\WINDOWS\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\WINDOWS\system32\lsass.exe LocalSystem
Schedule C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe LocalSystem
SENS C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SessionEnv C:\WINDOWS\System32\svchost.exe -k netsvcs -p localSystem
SgrmBroker C:\WINDOWS\system32\SgrmBroker.exe LocalSystem
ShellHWDetection C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
SSDPSRV C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p NT AUTHORITY\LocalService
StateRepository C:\WINDOWS\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
swprv C:\WINDOWS\System32\svchost.exe -k swprv LocalSystem
SysMain C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
TabletInputService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
TermService C:\WINDOWS\System32\svchost.exe -k NetworkService NT Authority\NetworkService
Themes C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TokenBroker C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
TrkWks C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe localSystem
UmRdpService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p localSystem
UserManager C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
UsoSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
VaultSvc C:\WINDOWS\system32\lsass.exe LocalSystem
VGAuthService "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" LocalSystem
VM3DService C:\WINDOWS\system32\vm3dservice.exe LocalSystem
VMTools "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" LocalSystem
VSS C:\WINDOWS\system32\vssvc.exe LocalSystem
W32Time C:\WINDOWS\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
Wcmsvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiServiceHost C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
WdiSystemHost C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
WdNisSvc "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe" NT AUTHORITY\LocalService
WinDefend "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe" LocalSystem
WinHttpAutoProxySvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\WINDOWS\system32\svchost.exe -k netsvcs -p localSystem
wlidsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe localSystem
WpnService C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wscsvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
WSearch C:\WINDOWS\system32\SearchIndexer.exe /Embedding LocalSystem
wuauserv C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
cbdhsvc_60b5b C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
CDPUserSvc_60b5b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
OneSyncSvc_60b5b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
WpnUserService_60b5b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
edgeupdate "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc LocalSystem
VSS C:\WINDOWS\system32\vssvc.exe LocalSystem
Installed Programs
PS C:\xampp\htdocs\blog> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
Microsoft Edge
Microsoft Edge Update
Microsoft Update Health Tools
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127
Update for Windows 10 for x64-based Systems (KB5001716)
VMware Tools
XAMPP
XAMPP
Firewall & AV
PS C:\xampp\htdocs\blog> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
PS C:\xampp\htdocs\blog> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 1.1.19100.5
AMProductVersion : 4.18.2203.5
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.2203.5
AntispywareEnabled : True
AntispywareSignatureAge : 1095
AntispywareSignatureLastUpdated : 4/18/2022 1:00:20 PM
AntispywareSignatureVersion : 1.363.602.0
AntivirusEnabled : True
AntivirusSignatureAge : 1095
AntivirusSignatureLastUpdated : 4/18/2022 1:00:20 PM
AntivirusSignatureVersion : 1.363.602.0
BehaviorMonitorEnabled : True
ComputerID : 8192B89E-E0F9-FE3A-F10A-E1513DAD4BAF
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 4/18/2025 12:19:00 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.19100.5
NISSignatureAge : 1095
NISSignatureLastUpdated : 4/18/2022 1:00:20 PM
NISSignatureVersion : 1.363.602.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 0
QuickScanEndTime : 4/18/2025 12:21:39 PM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.363.602.0
QuickScanStartTime : 4/18/2025 12:21:12 PM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
TamperProtectionSource : Signatures
TDTMode : N/A
TDTStatus : N/A
TDTTelemetry : N/A
PSComputerName :
ExclusionPath : {N/A: Must be and administrator to view exclusions}
Session Architecture
PS C:\xampp\htdocs\blog> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\xampp\htdocs\blog> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 08DF-534D
Directory of C:\Windows\Microsoft.NET\Framework
12/07/2019 02:31 AM <DIR> .
12/07/2019 02:31 AM <DIR> ..
06/18/2021 05:57 AM <DIR> v1.0.3705
06/18/2021 05:57 AM <DIR> v1.1.4322
12/07/2019 02:14 AM <DIR> v2.0.50727
04/18/2025 12:21 PM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 6,978,351,104 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.8.04084